Scribd Logo
Upload

Welcome to Scribd!

  • Snoby Report

    Uploaded by

    Dany J. Marroquin
    31 views2 pages
    This document summarizes sensor and intrusion detection data from November 27-28, 2017. It shows that the Snort sensor detected 4093 events while the Sagan sensor detected 2 events. The vast majority of events were low severity ICMP ping signals. Top sources of traffic were IP addresses 192.168.43.101, 192.168.43.34 and 192.168.43.12, while the top destination was 192.168.43.12.

    Original Description:

    snorby report

    Original Title

    snoby report

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document summarizes sensor and intrusion detection data from November 27-28, 2017. It shows that the Snort sensor detected 4093 events while the Sagan sensor detected 2 events. The vast majority of events were low severity ICMP ping signals. Top sources of traffic were IP addresses 192.168.43.101, 192.168.43.34 and 192.168.43.12, while the top destination was 192.168.43.12.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    31 views2 pages

    Snoby Report

    Uploaded by

    Dany J. Marroquin
    This document summarizes sensor and intrusion detection data from November 27-28, 2017. It shows that the Snort sensor detected 4093 events while the Sagan sensor detected 2 events. The vast majority of events were low severity ICMP ping signals. Top sources of traffic were IP addresses 192.168.43.101, 192.168.43.34 and 192.168.43.12, while the top destination was 192.168.43.12.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 2

    Snorby.

    org
    Date: Tues day November, 2017 at 02:15 AM UTC
    Monday, November 27, 2017 02:15 AM - Tues day, November 28, 2017 02:15 AM

    Sensors
    Name Event Count

    Snort 192.168.43.12 4093

    Sagan 192.168.43.12 2

    Event Count vs Time By Sensor Snort 192.168.43.12


    Sagan 192.168.43.12
    4k

    3k
    Event Count

    2k

    1k

    0k

    -1k
    2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 0 1 2
    Hour of Day

    Severities
    High Severity (0) Medium Severity (2) Low Severity (4093) Total

    4095

    Severity Count vs Time High Severity


    Medium Severity
    4k Low Severity

    3k
    Severity Count

    2k

    1k

    0k

    -1k
    2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 0 1 2
    Hour of Day
    Protocols
    TCP Count UDP Count ICMP Count Total

    0 3 4091 4095

    Protocol Count vs Time TCP


    UDP
    4k ICMP

    3k
    Protocol Count

    2k

    1k

    0k

    -1k
    2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 0 1 2
    Hour of Day

    Top 15 Signatures
    Signature Name Percentage Event Count

    GPL ICMP_INFO PING *NIX 24.96% 1022

    GPL ICMP_INFO PING 24.96% 1022

    GPL ICMP_INFO PING BSDtype 24.96% 1022

    GPL ICMP_INFO Echo Reply 24.96% 1022

    GPL ICMP_INFO Destination Unreachable Port Unreachable 0.07% 3

    ET INFO DYNAMIC_DNS Query to *.dyndns. Domain 0.05% 2

    [ARP] arpalert - Detected ip change 0.02% 1

    [ARP] arpalert - Detected new machine on the network 0.02% 1

    Top 10 Source Addresses


    Source IP Address Percentage Event Count

    192.168.43.101 41.07% 1682

    192.168.43.34 33.92% 1389

    192.168.43.12 24.98% 1023

    192.168.43.158 0.02% 1

    Top 10 Destination Addresses


    Destination IP Address Percentage Event Count

    192.168.43.12 74.92% 3068

    192.168.43.101 13.65% 559

    192.168.43.34 11.31% 463

    192.168.43.1 0.12% 5

    You might also like